Cloud computing environments are just as suited to illegitimate use as legitimate use. Do providers need a way to separate the chaff from the wheat to reassure enterprise-class customers that they’re doing everything they can to eliminate the hijacking of cloud computing resources for nefarious purposes?

One of the negatives of being the technology darling du jour is that every misstep, problem, and outage is immediately jumped on and reported everywhere. Amazon is particularly susceptible to such coverage, being recognized as one of the leaders in public cloud computing. Last week Amazon suffered yet another outage, true, but more interesting may be the discovery that it had been infected by the Zeus bot, a password-stealing banking Trojan.

On Wednesday, security researchers for CA found that a variant of the infamous password-stealing Zeus banking Trojan had infected client computers after hackers were able to compromise a site on EC2 and use it as their own C&C (command and control) operation.

The Zeus bot has been loose for quite some time and Amazon is certainly not the first – nor likely the last – organization to be infected by this nasty little trojan. In October social networking giant Facebook was targeted by miscreants attempting to spread some Zeus-bot love around as well. The bot is a Windows-specific trojan that, like so many others, attempts to lure its victims into installing it via phishing and drive-by attacks.

The bot itself is nothing new, nor is the targeting of Windows-specific machines, or the use of phishing. Neither is the attempt to leverage the large scale nature of specific services on the Internet as a means to spreading a virus around. And as Carl Brooks pointed out via Twitter, the use of cloud computing as on-demand bot-net farms is no surprise to the security community at large. But what isn’t being discussed – and probably needs to be – is what can be done about the situation? Is there a solution at all or will we just have to live with it?

It may be that the only remediation available is the establishment of enterprise-class clouds.

Well, one does not often see legitimate users poking around and discovering weak passwords, and then exploiting them. That means the "credit card" accessible services allows miscreants to easily gain access and then find vulnerabilities like this one through which they can further exploit the system.

Your suggestion of tiered membership seems like a possible solution - especially if the resources available are isolated by membership as well.